Test ID:	1.3.6.1.4.1.25623.1.0.50936
Category:	Red Hat Local Security Checks
Title:	RedHat Security Advisory RHSA-2003:074
Summary:	NOSUMMARY
Description:	Description: The remote host is missing updates announced in advisory RHSA-2003:074. Sendmail is a widely used Mail Transport Agent (MTA) which is included in all Red Hat Enterprise Linux distributions. During a code audit of Sendmail by ISS, a critical vulnerability was uncovered that affects unpatched versions of Sendmail prior to version 8.12.8. A remote attacker can send a carefully crafted email message which, when processed by sendmail, causes arbitrary code to be executed as root. We are advised that a proof-of-concept exploit is known to exist, but is not believed to be in the wild. Since this is a message-based vulnerability, MTAs other than Sendmail may pass on the carefully crafted message. This means that unpatched versions of Sendmail inside a network could still be at risk even if they do not accept external connections directly. All users are advised to update to these erratum packages which contain a backported patch to correct this vulnerability. Red Hat would like to thank Eric Allman for his assistance with this vulnerability. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2003-074.html http://www.cert.org/advisories/CA-2003-07.html Risk factor : Critical CVSS Score: 10.0
Cross-Ref:	BugTraq ID: 6991 Common Vulnerability Exposure (CVE) ID: CVE-2002-1337 AIX APAR: IY40500 http://www-1.ibm.com/support/search.wss?rs=0&q=IY40500&apar=only AIX APAR: IY40501 http://www-1.ibm.com/support/search.wss?rs=0&q=IY40501&apar=only AIX APAR: IY40502 http://www-1.ibm.com/support/search.wss?rs=0&q=IY40502&apar=only http://www.securityfocus.com/bid/6991 Bugtraq: 20030303 Fwd: APPLE-SA-2003-03-03 sendmail (Google Search) http://marc.info/?l=bugtraq&m=104678862109841&w=2 Bugtraq: 20030303 sendmail 8.12.8 available (Google Search) http://marc.info/?l=bugtraq&m=104673778105192&w=2 Bugtraq: 20030304 GLSA: sendmail (200303-4) (Google Search) http://marc.info/?l=bugtraq&m=104678862409849&w=2 Bugtraq: 20030304 [LSD] Technical analysis of the remote sendmail vulnerability (Google Search) http://marc.info/?l=bugtraq&m=104678739608479&w=2 Caldera Security Advisory: CSSA-2003-SCO.5 ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.5 Caldera Security Advisory: CSSA-2003-SCO.6 ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.6 http://www.cert.org/advisories/CA-2003-07.html CERT/CC vulnerability note: VU#398025 http://www.kb.cert.org/vuls/id/398025 Conectiva Linux advisory: CLA-2003:571 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000571 Debian Security Information: DSA-257 (Google Search) http://www.debian.org/security/2003/dsa-257 FreeBSD Security Advisory: FreeBSD-SA-03:04 HPdes Security Advisory: HPSBUX0302-246 http://marc.info/?l=bugtraq&m=104679411316818&w=2 ISS Security Advisory: 20030303 Remote Sendmail Header Processing Vulnerability http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21950 http://frontal2.mandriva.com/security/advisories?name=MDKSA-2003:028 NETBSD Security Advisory: NetBSD-SA2003-002 ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-002.txt.asc https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2222 http://www.redhat.com/support/errata/RHSA-2003-073.html http://www.redhat.com/support/errata/RHSA-2003-074.html http://www.redhat.com/support/errata/RHSA-2003-227.html SGI Security Advisory: 20030301-01-P ftp://patches.sgi.com/support/free/security/advisories/20030301-01-P SuSE Security Announcement: SuSE-SA:2003:013 (Google Search) http://www.iss.net/security_center/static/10748.php
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.